Reputation approvals allow high-trust software to run on agent-managed computers with little administrative effort. How you implement reputation approvals depends on your goals, especially the balance between convenience and protection.
You can enable file reputation approvals and publisher reputation approvals separately, but you get the maximum benefit by enabling both:
- File reputation approvals – Not all files are signed by a publisher. By using file reputation approvals, you can take advantage of the reputation data for specific files known to Carbon Black File Reputation, regardless of whether a file has a known publisher.
- Publisher reputation approvals – By using publisher reputation approvals, you ensure that all files signed by trusted publishers, including new files that might not have their own reputation yet, are approved and can run on agent-managed computers. Files from approved publishers are approved locally on connected agent-managed computers.
You can enable reputation approvals for all computers or only for computers in specific policies. There is no performance benefit or penalty for limiting reputation approvals to certain policies, so you should enable reputation approvals for all policies except those in which you want complete control over which specific files can be executed.